Today we launched a new app that will make it easier for people to take action on digital rights issues using their phone. The app allows folks to connect to our action center quickly and easily, using a variety of mobile devices.

Sadly, though, we had to leave out Apple devices and the folks who use them. Why? Because we could not agree to the outrageous terms in Apple’s Developer Agreement and Apple’s DRM requirements.

As we have been saying for years now, the Developer Agreement is bad for developers and users alike. Here are a few of the terms that we are worried about:

Ban on Public Statements: Section 10.4 prohibits developers from making any "public statements" about the terms of the Agreement. This is particularly strange, since the Agreement itself is not "Apple Confidential Information" as defined in Section 10.1. So the terms are not confidential, but developers are contractually forbidden from speaking "publicly" about them.

Ban on Reverse Engineering: Section 2.6 prohibits any reverse engineering (including the kinds of reverse engineering for interoperability that courts have recognized as a fair use under copyright law), as well as anything that would "enable others" to reverse engineer, the software development kit (SDK) or iPhone OS.

App Store Only: Section 7.3 makes it clear that any applications developed using Apple's SDK may only be publicly distributed through the App Store, and that Apple can reject an app for any reason, even if it meets all the formal requirements disclosed by Apple. So if you use the SDK and your app is rejected by Apple, you're prohibited from distributing it through competing app stores like Cydia.

No Tinkering with Any Apple Products: Section 3.2(e) is the "ban on jailbreaking" provision that appears to prohibit developers from tinkering with any Apple software or technology, not just the iPhone, or "enabling others to do so."

Apple Owns Your Security: Section 6.1 explains that Apple has to approve any bug fixes or security releases. If Apple does not approve such updates very quickly, this requirement could put many people in jeopardy.

Kill Your App Any Time: Section 8 makes it clear that Apple can "revoke the digital certificate of any of Your Applications at any time." Steve Jobs once confirmed that Apple can remotely disable apps, even after they have been installed by users. This contract provision would appear to allow that.

We have some other concerns as well, but these top the list.

Lots of developers hold their nose and sign the agreement despite these onerous conditions, and that’s understandable. The Apple App store is a huge market and hard to ignore if you want your business to succeed. And sometimes, developers have to weigh these onerous restrictions against not just their ability to survive financially, but also their ability to reach and protect users from snooping and censorship.

We thought about those competing concerns too. We’re proud of the tool we’ve developed and we think it offers a great new way for people to speak up and take action. We want it to be available and used by as many people as possible, including iPhone users. We hate that we can’t make that possible right now.

Contract restrictions aside, the final barrier was knowing that we’d be required to include a form of Digital Rights Management (DRM). DRM means that Apple is putting technical restrictions on what you can and can’t do with your app. When we create tools for EFF, we want them to be broadly available to others to use, adapt, and customize. That’s why we work to make our technical projects based on free software, and avoid DRM.

So we are not releasing an iPhone app at this time. As we’ve been saying for years, “Developers should demand better terms and customers who love their iPhones should back them.” At EFF, we walk our talk. We will not agree to contract terms that we couldn’t endorse for others, and we certainly will not wrap our app in DRM.

We’ve asked Apple to revisit their terms and conditions; perhaps they will do so. You can join us by signing your name on a petition to Apple. Note: you can sign on any browser, including mobile browsers on an iPhone

Related Updates

Dear Jeff, Tim, and colleagues, In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing “Encrypted Media Extensions,” an API whose sole function was to provide a first-class role for DRM within the Web browser ecosystem. By doing so, the organization offered the...

Yesterday's record-smashing Net Neutrality day of action showed that the Internet's users care about an open playing field and don't want a handful of companies to decide what we can and can't do online. Today, we should also think about other ways in which small numbers of companies, including...

Dear Tim, Jeff, and W3C colleagues, On behalf of the Electronic Frontier Foundation, I would like to formally submit our request for an appeal of the Director's decision to publish Encrypted Media Extensions as a W3C Recommendation, announced on 6 July 2017. The grounds for this appeal are that...

Note: We’ve been in touch with a group of economists at the University of Glasgow who are investigating the market value on interoperability. Just in time for “Day Against DRM,” here are some of their initial conclusions. My co-authors and I at the University of Glasgow are investigating how restrictions...

Early today, the World Wide Web Consortium (W3C) standards body publicly announced its intention to publish Encrypted Media Extensions (EME)—a DRM standard for web video—with no safeguards whatsoever for accessibility, security research or competition, despite an unprecedented internal controversy among its staff and members over this issue. EME is...

Intel’s CPUs have another Intel inside. Since 2008, most of Intel’s chipsets have contained a tiny homunculus computer called the “Management Engine” (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the...

The World Wide Web Consortium has formally put forward highly controversial digital rights management as a new web standard. Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time. The DRM is supposed to thwart...

The latest episode of the technology podcast Reply All features an excellent summary of some of the issues with the World Wide Web Consortium's current project to create a standard for restricting the use of videos on the web; we've created this post for people who've just listened to...